Your automation tools are functioning as highly efficient backdoors.

๐Ÿค– Drive-By Sandbox RCE

The OpenHands agent has a nasty CSRF vulnerability hiding inside its Git diff handler. A local GET endpoint passes unsanitized input directly into a `shell=True` Python subprocess. A developer running the agent simply needs to visit a malicious webpage to get popped. An attacker embeds a drive-by payload on an external site; when the victim browses to it, their browser hits the local endpoint and injects OS commands directly into Python's `subprocess`, achieving silent remote command execution inside the local container sandbox. Patch your OpenHands instance immediately and mandate `shlex.quote()` for all shell inputs instead of raw string concatenation.

๐Ÿ•ต๏ธ Plaintext Credential Dumping

If you run a multi-user, self-hosted n8n Community Edition, your internal boundaries are completely broken. Chained authorization bugs and a permission checker bypass allow authenticated users to dump other users' generic HTTP credentials in absolute plaintext. A malicious or compromised tenant could abuse name-based resolution to bypass access controls and scrape these secrets directly from the database. Any authenticated user on a shared instance can instantly steal secrets belonging to any other user or admin on that box. Upgrade to `1.123.27+` or `2.13.3+` today and unconditionally rotate all generic HTTP credentials stored on the instance.

๐Ÿ“ฆ Unpinned Poison

The `litellm` PyPI package was compromised and poisoned upstream before finally being quarantined. If your CI/CD or AI infrastructure pulled this package without version pinning during the vulnerability window, you could actively be running attacker code. This PyPI supply chain compromise infects downstream infrastructure upon a simple `pip install`, allowing an attacker to execute malicious code directly in the host environment. Run the litellm-checker tool to audit your exposure. If compromised versions were pulled, assume full breach and strictly pin all dependency hashes immediately.